VYPR

Vendor CVEs

Hashicorp

All CVEs

155 total · sorted by risk
  • CVE-2020-4092May 6, 2020
    risk 0.00cvss epss 0.00

    "If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can…

  • CVE-2020-10944Apr 28, 2020
    risk 0.00cvss epss 0.01

    HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.

  • CVE-2019-9764Mar 26, 2019
    risk 0.00cvss epss 0.01

    HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.

  • CVE-2019-8336Mar 5, 2019
    risk 0.00cvss epss 0.01

    HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual…

  • CVE-2018-19786Dec 5, 2018
    risk 0.00cvss epss 0.01

    HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.

Page 4 of 4